Mike101za Posted May 22, 2020 Share Posted May 22, 2020 Hi, I am being badly spammed from the "contact us" form by non registered users. Is there any way I can restrict who can email on there. I would like to make it registered users only. Thank you Mike Link to comment Share on other sites More sharing options...
bsmither Posted May 22, 2020 Share Posted May 22, 2020 Robots don't use the form - they just need a security token and can get one of those from anywhere. Robots already know what to POST to CubeCart. Thus, modifying the template or code that calls the template to show only to logged-in users probably won't work. The solution then is to silently drop the processing of the POST submission if the session says this is not a logged in user. That, however, gives a false sense of completion to legitimate, but still not logged-in visitors, unless you add language to the form that makes plain that only logged-in customers will have their submissions read. So maybe do both: not display the form unless logged in to deny legitimate visitors, and drop the processing of the robot-submitted POSTing of form data. Be back soon. Link to comment Share on other sites More sharing options...
Mike101za Posted May 23, 2020 Author Share Posted May 23, 2020 Hi, Thank you for the reply. I have limited coding skills, how would I go about your suggestion? Link to comment Share on other sites More sharing options...
bsmither Posted May 23, 2020 Share Posted May 23, 2020 Using a programmer's text editor, make these changes: In the admin skin template documents.contact.php, find near line 17: <div><label for="status">{$LANG.common.status}</label><span><input type="hidden" name="contact[status]" id="status" value="{$CONTACT.status}" class="toggle"></span></div> On a new blank line after that, add: <div><label for="liuo">Logged-in users only?</label><span><input type="hidden" name="contact[liuo]" id="liuo" value="{$CONTACT.liuo}" class="toggle"></span></div> In the file /classes/cubecart.class.php, near line 1459, find: /** * Display contact page */ private function _contact() { // Contact Form $contact = $GLOBALS['config']->get('Contact_Form'); if ($contact && $contact['status']) { On a new blank line after that, add: if(empty($contact['liuo']) || ($contact['liuo'] && !empty($GLOBALS['user']->is()))){ In the same file, near line 1571, find: $content = $GLOBALS['smarty']->fetch('templates/content.contact.php'); $GLOBALS['smarty']->assign('PAGE_CONTENT', $content); On a new blank line after that, add: } else { $GLOBALS['gui']->setError("You must be logged in to use the Contact Us form."); httpredir('index.php'); } In admin, bring up the Contact Form settings page. Check the box for "Logged-in users only?". Save and have CubeCart clear its internal cache. On the storefront, not being logged in, click the Contact Us document link. You should be sent to the homepage showing a red warning banner. Log in to the storefront. Click the link to the Contact Us document link. You should be shown the Contact Us page. This will also thwart robots from sending specially-crafted POST submissions. Unless they first create an account. Link to comment Share on other sites More sharing options...
Mike101za Posted May 26, 2020 Author Share Posted May 26, 2020 Thank you, works like a charm. Link to comment Share on other sites More sharing options...
CharliesJewelsAndPearls Posted August 22, 2021 Share Posted August 22, 2021 Thanks Brian! I tried this 5 times, and finally copied all your instructions out to Notepad++, and went over the cubecart,class file since I wasn't getting the toggle in Admin. I must not have copied it all correctly when I didn't copy out your instructions, but it's working now and I got the toggle! Works like a charm! Thanks again Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.